igor - Fotolia
Israel has accused Palestinian Islamist group Hamas of using a World Cup live scores and fixtures app and two fake dating apps to hijack soldiers’ smartphones to spy on them.
The Israel Defence Forces (IDF) says hundreds of men and women in the army were contacted through fake social media accounts and encouraged to download the malicious dating apps to gain control of their phones, while the World Cup app was advertised to soldiers in Hebrew on Facebook.
The three Android apps, which have since been removed from the Google Play Store, were designed to infect soldiers’ phones with data-stealing malware and turn on cameras and microphones for live spying, Reuters quoted two Israeli military security officers as saying.
The malware was also designed to give its creators the location of the infected handset and access to the owner’s contact list, according to The Guardian.
The IDF said the malware had failed to cause any “security damage at all” and that most soldiers had reported the matter to their commanders. However, it admitted that some soldiers had downloaded the apps, although the number who had done so was “less than 100”.
The IDF said it had been monitoring the “honeytrap” campaign for months, but did not provide any details of why it believed Hamas was responsible. It also claimed Hamas had used a similar strategy in January 2017 involving less advanced apps that were sold as social chat platforms.
As part of a new awareness programme, the IDF has started sending fake messages to soldiers that ask them to click on a link. If a soldier opens the link, a warning pops up and they have to attend a briefing about online security.
Hamas has reportedly declined to comment on the allegations that it is responsible for the three malicious apps.
The dangers of smartphone hacking were illustrated this week by UK defence secretary Gavin Williamson, who was interrupted by his iPhone digital assistant Siri while he was updating MPs on the fight against Islamic State, revealing that his phone has not been properly secured.
The incident has raised concerns that someone in Williamson’s position had not taken precautions against having a live microphone on his phone in the light of hackers’ ability to hijack such devices for spying purposes, such as GCHQ’s “Nosey Smurf” program.